New Side-Channel Vulnerability Leaks Sensitive Data From Intel Chips

A newly revealed side-channel attack can leak encrypted data from Intel microprocessors that use a Simultaneous Multithreading (SMT) architecture.

Dubbed PortSmash and tracked as CVE-2018-5407, the vulnerability affects all CPUs that rely on SMT, including Intel’s Hyper-Threading architectures. By exploiting the vulnerability, an attacker could extract sensitive data such as encryption keys from a computer’s memory or processor.

The issue was discovered by researchers at Tampere University of Technology in Finland, and Universidad Tecnológica de la Habana (CUJAE) in Cuba. By exploiting the vulnerability, they were able to steal an OpenSSL P-384 private key from a TLS server.

As Billy Brumley from the Tampere University of Technology explains, the bug can be categorized as information disclosure through timing discrepancy and exists due to execution engine sharing on SMT.

The SMT technology makes it possible for multiple threads to be executed simultaneously on a CPU core. Because of this, however, malicious code could snoop into the code running on the other thread on the same core, even if it belongs to a cryptographic application, which would normally include protections against side-channel assaults.

“We detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core,” he says.

For the attack to be successful, the malicious process needs to run on the same physical core as the victim process.

The vulnerability has been verified on Intel's Skylake and Kaby Lake processors, and experts believe that chips from other manufacturures such as AMD could also be vulnerable. Proof-of-concept (PoC) code for Intel chips has already been published. The code was designed to measure timing discrepancies and discover and exfiltrate protected data from the victim process.

“This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures, customizing the strategies and/or waiting times in spy is likely needed,” the researcher notes.

Brumley underlines the fact that this is a hardware issue that has nothing to do with the memory subsystem or caching. He also points out that any “software that has secret dependent control flow at any granularity” is impacted.

By abusing the new type of attack, an actor could steal “generated keys and decrypt any conversation that would otherwise have been protected by the key,” Justin Jett, Director of Audit and Compliance for Plixer, told SecurityWeek in an email.

“Additionally, because the malware writer is already on the machine, they have a better understanding of where these keys may be used (for example, were the keys then moved to a specific folder that is being used by an application installed on the machine),” Jett continued.

To mitigate impact, one would need to disable SMT/Hyper-Threading in the BIOS setup. However, the option might not be available in many systems, as OpenBSD’s Mark Kettenis points out.

The vulnerability was reportedly submiited to Intel in early October. PortSmash, however, does not appear related to recently discovered attacks that rely on speculative execution, such as Spectre and Meltdown. It has nothing in common with Foreshadow/L1 Terminal Fault (L1TF) either.

“PortSmash, and all the other processor vulnerabilities like Meltdown and Spectre, is a reminder that we have to rotate the keys and certificates that serve as machine identities, much more frequently than we do," Kevin Bocek, chief cybersecurity officer at Venafi, told SecurityWeek. "Our machine identities are kept around for years, and it’s crazy to think machine that they won’t be attacked. This is especially true a cloud and microservices environments, where these kinds of vulnerabilities are most dangerous."

"The reality is that most keys and certificates aren’t changed often, and a surprising number are never changed," Bocek added. "These are the machine identities that are most at risk from PortSmash."

In February 2018, Intel announced that it would offer up to $250,000 for valid side-channel exploits reported through its bug bounty program.

UPDATE. An Intel spokesperson provided SecurityWeek the following statement:

Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.